<?php

require_once 'q/mvc/action.php';
require_once 'admin/session.php';
require_once 'dao/admin/user.php';
require_once 'config/recaptcha.php';
require_once 'recaptcha-php/recaptchalib.php';

class action_default extends q_mvc_action {

    public function indexAction(){
        $uid = admin_session::check();

        $this->view->uid = $uid;
    }

    public function loginAction(){
        $error = 0;
        $username = q_request::post('username');
        $password = q_request::post('password');

        // Get a key from https://www.google.com/recaptcha/admin/create
        $publickey = config_recaptcha::$admin_publickey;
        $privatekey = config_recaptcha::$admin_privatekey;

        # the response from reCAPTCHA
        $resp = null;
        # the error code from reCAPTCHA, if any
        $error = null;

        # was there a reCAPTCHA response?
        if (!empty($_POST["recaptcha_response_field"])) {
            $resp = recaptcha_check_answer ($privatekey,
                $_SERVER["REMOTE_ADDR"],
                $_POST["recaptcha_challenge_field"],
                $_POST["recaptcha_response_field"]);

            if ($resp->is_valid) {
                // echo "You got it!";

                if(!empty($username) and !empty($password)){

                    $au_dao = dao_admin_user::getInstance();
                    $uid = $au_dao->check($username, md5($password));
                    if(!empty($uid)){

                        admin_session::set($uid);

                        header('Location: /?login');
                        echo 'login ok';
                        exit;
                    } else {
                        $error = 'login failed';
                    }
                } else {
                    $error = 'fill all inputs please';
                }
            } else {
                # set the error code so that we can display it
                $error = $resp->error;
            }
        }

        $this->view->publickey = $publickey; 
        $this->view->error = $error; 
        $this->view->username = $username; 
    }

    public function changepwAction(){

        $uid = admin_session::check();

        $error = 0;

        $changepw = q_request::post('changepw');
        $old_password = q_request::post('old_password');
        $new_password = q_request::post('new_password');
        $new_password2 = q_request::post('new_password2');

        if(!empty($changepw)){
            if(!empty($old_password) and !empty($new_password) and !empty($new_password2)){
                if($new_password == $new_password2){
                    // try change password
                    $au_dao = dao_admin_user::getInstance();
                    $au_dao->changepw($uid, md5($old_password), md5($new_password));

                    $this->forward('logout');
                    return;
                } else {
                    $error = 'new password not same';
                }
            } else {
                $error = 'login failed';
            }
        }

        $this->view->error = $error; 
    }

    public function logoutAction(){
        $referer = $_SERVER['HTTP_REFERER'];
        if(empty($referer)){
            echo "need referer to exit";
            exit;
        }
        $r_s = parse_url($referer);

        $host = $_SERVER['HTTP_HOST'];

        if($r_s['host'] != $host){
            echo "csrf attact detected.";
            error_log( "csrf attact detected. logout.");
            exit;
        }

        $uid = admin_session::check();
        admin_session::delete($uid);
        header('Location: /?logout');

        exit;
    }
}

